Mythic C2 SSL - Detect

ID: mythic-c2-ssl

Severity: info

Author: johnk3r

Tags: c2,ssl,tls,ir,osint,malware,mythic

Description

Mythic is a multiplayer, command and control platform for red teaming operations

YAML Source

id: mythic-c2-ssl

info:
  name: Mythic C2 SSL - Detect
  author: johnk3r
  severity: info
  description: |
    Mythic is a multiplayer, command and control platform for red teaming operations
  reference: |
    https://docs.mythic-c2.net
    https://www.team-cymru.com/post/mythic-case-study-assessing-common-offensive-security-tools
  metadata:
    verified: "true"
    max-request: 1
    shodan-query: ssl:"Mythic"
    censys-query: services.tls.certificates.leaf_data.issuer.common_name:Mythic
  tags: c2,ssl,tls,ir,osint,malware,mythic
ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
      - type: word
        part: issuer_dn
        words:
          - "O=Mythic"

    extractors:
      - type: json
        json:
          - " .issuer_dn"
# digest: 4a0a00473045022100e8afda485b0b4c22717b354757f2ee63b8bcbb1861f21266bd0a7d3784cab21902206e2077208e9084dad3c2f02e89406f9c8a53a2c515415a4031a8901205be4353:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "ssl/c2/mythic-c2-ssl.yaml"

View on Github